Hiker, software engineer (primarily C++, Java, and Python), Minecraft modder, hunter (of the Hunt Showdown variety), biker, adoptive Akronite, and general doer of assorted things.
Eh… Without examples, I don’t know that this is a good warning.
Everyone gets into different technologies at their own pace. Even if it does bite OP in some abstract way because they eventually get to some complex use case, that’s okay; it’s all a learning experience.
PostgreSQL is just better. It’s supports transactions on DDL (things like altering table structure) and enforces unique constraints after transactions complete … so you can actually do a bunch of important stuff (like update your table structure or swap unique values between rows) safely.
As someone that uses a custom domain for the majority of his email, it’s not really a privacy thing, it’s a control thing.
I have hundreds of unique unpredictable email addresses and I can disconnect them at will to stop spam.
Hmm… There’s been a lot of quality of life patches (key binds, esc to close interfaces, clicking outside of interfaces closes them, smarter quantities on the withdraw screen, the option to have left click do a “default action” rather than opening the window, middle click drag, etc). He was pushing out changes every day for like two weeks, then weekly patches.
I haven’t really seen anything I’d call a bug (it’s actually one of the most stable games I’ve ever played).
It’s definitely a true early access game (and they’ve said as much; they’re open to a lot of potential changes and have been quite receptive to feedback with strong consensus), so I’d definitely check back from time to time if you like it in concept. They’re talking about adding action queuing and reworking the combat to feel “better” in the near term. Player trading and PvP duels should come soon after as well along with a bunch of other stuff.
The game is designed to be friendly to touch screens and they do plan to have a mobile client eventually (similar to RuneScape). However, they have said they will not add any micro transactions or other predatory stuff … and I believe them; the Gowers have been quite principled about that over the years.
Yeah? What wasn’t clicking for you? I love it
Me with a 7900 XTX playing brighter shores 🥲
The specs in the comic are just crazy. The top of the line option has expanded a lot too. In the past Nvidia wouldn’t have bothered making a 4090 because the common belief was nobody would pay that much for a GPU… But seemingly enough people are willing to do it that it’s worth doing now.
AMD also revived CPUs in desktop PCs from extreme stagnation and raised the bar for the high end on that side as well by a lot.
So it’s a mix of inflation and the ceiling just being raised as to what the average consumer is offered.
deleted by creator
Yes, WireGuard was designed to fix a lot of these issues. It does change the equation quite a bit. I agree with you on that (I kind of hinted at it but didn’t spell that out I suppose).
That said, WireGuard AFAIK still only works well with static IPs/becomes a PITA once dynamic IPs are in play. I think some of that is mitigated if the device being connected to has a static IP (even if the device being connected from doesn’t). However, that doesn’t cover a lot of self hosting use cases.
Tailscale/ZeroTier/Nebula etc do transfer some control (Nebula can actually be used with fully internal control and ZeroTier can also be used that way as well though you’re going to have to put more work in with ZeroTier … I don’t know about TailScale’s offering here).
Though doing things yourself also (in most cases) means transferring some level of control to a cloud/traditional server hosting provider anyways (e.g, AWS, DigitalOcean, NFO, etc).
Using something like ZeroTier can cutout a cloud provider/VPS entirely in favor of a professionally managed SAS for a lot of folks.
A lot of this just depends on who you trust – yourself or the team running the service(s) you’re relying on – more and how much time you have to practically devote to maintenance. There’s not a “one size fits all answer” but … I think most people are better off doing SAS to form an internal mesh network and running whatever services they’re interested in running inside of that network. It’s a nice tradeoff.
You can still setup device firewalls, SSH key-only authorization, fail2ban, and things of that ilk as a precaution in case their networks do get compromised. These are all things you should do if you’re self hosting … but hobbyist/novices will probably stumble through them/get it wrong, which IMO is more okay in the SAS case because you’ve got a professional security team keeping an eye on things.
The company Tailscale is a giant target and has a much higher risk in getting compromised than my VPN or even accessible services.
One must be careful about this mindset. A bunch of smart lightbulbs that are individually operated aren’t a particularly appealing target either. However, in aggregate… If someone can write a script that abuses security flaws in them or their default configuration … even though you’re not part of a big centralized target, you are part of a class that can be targeted automatically at scale.
Self hosting only yields better security when you are willing to take steps to adequately secure your self hosted services and implement a disaster recovery strategy.
The thing about something like TailScale or ZeroTier or Nebula is that it’s dynamic. These all behave similar to a multiplayer game … a use case every residential firewall should “just get.”
The ports that are “opened” can change regularly, they’re not some standard port that can just be checked to see if it’s open (typically).
Compare that to the average novice opening port 51822 for wireguard or 22 for SSH and you start to see the difference. With those ports, you’ve got a pretty good idea what’s on the other side and it might even be willing to talk to you and give you error messages or TCP ACK packets to confirm it’s there (e.g. SSH).
This advice is as you can probably imagine more relevant to things like OpenVPN that are notoriously hard to correctly configure or application protocols like SSH or HTTP.
With these mesh VPNs you also don’t have to worry about your home dynamic IP changing and breaking your connection at inopportune times… And that’s a huge benefit (IMO). It’s also very easy to tie in new devices to the network.
A lot of it is about outsourcing labor to programs that know how to set up a VPN and make management of it easy. That ties into security because … a LOT of security issues boil down to misconfiguration.
Interesting; well it’s good info/good to know it exist … though, I’m probably going to stick to explicit listing. I like to be able to look at my DNS records and know what connects to what.
I’ve never used wildcard DNS, I’m not even sure that Namecheap DNS supports wildcard. But I’ve also never been in a situation where there’s a dominate single machine I want my DNS to resolve to.
After searching … I’m not entirely sure I would use wildcard DNS https://serverfault.com/a/483625
My preferred strategy is actually alias records and then one primary address record the alias records point to so if I change IPs I can move the machine. I forgot about that last night.
Wow the responses here are really off at the moment. I’m going to try and help.
So, what you’re going to want to do is add all the subdomain A records you need to you DNS (sounds like you’re using cloudflare for that, not required, but that should be fine).
Those DNS records are all going to be the same IP record, that’s fine.
What you need to do after that, so that you don’t have to enter ports is a bit more complicated. For web servers, some kind of reverse proxy like nginx, haproxy, apache, etc is what you need. The term you’re looking for is “virtual host”.
A virtual host setup is basically one where a reverse proxy looks at the domain name that was used to access the server over HTTP and then uses that to decide what server running on the machine you actually talk to.
It’s HTTP that actually is passing along the domain name you used, so if the service isn’t HTTP you may or may not be able to do anything depending on the underlying protocol.
So to recap:
ZeroTier is also an option in the same vein as TailScale.
You will share your IP with something like TailScale or ZeroTier.
Reverse proxies can be good but with gaming … there’s only so much you can do because of the custom protocols. Most of that stuff isn’t going to care about the DNS. You’re also introducing additional latency if you use a VPS as a “middle man.”
I think you need to consider who you’re going to be giving access to and what threats you’re trying to protect against.
My advice would be to set up ZeroTier on all the machines that are going to play together and set it up so it only allows connections between clients and the server (there’s a guide for this in their documentation). Then give the gaming machine a ZeroTier IP you put in your DNS.
Most games use different ports so there really isn’t a need for lots of DNS names. However, you could assign multiple ZeroTier IPs to the same machine and give each game server its own DNS and its own IP.
Remember that databases were designed to host multiple databases for multiple users… As long as you’re working with maintained software (and you are) it should be pretty trivial to run on the latest version of Postgres and have everything just work using one instance if you’re resource constrained.
Definitely a good point about being able to migrate as well. Postgres has excellent tools for this sort of thing.
It might help if you described what you’re actually trying to forward … and why the source IP matters.
ZeroTier would be my recommendation personally (it does what tailscale does but it’s been doing it longer and you can use whatever IP ranges you need vs some public IPv4 address space TailScale pools from).
https://www.amazon.com/gp/aw/d/B09227RQV2?psc=1&ref=ppx_pop_mob_b_asin_title
This is my favorite rack mount chassis I’ve worked with … and it coincidentally is in that ballpark.
Eh… TrueNAS UI basically takes care of any zfs learning curve. The main thing I’d note is that RAID 5 & 6 can’t currently be expanded incrementally. So you either need to use mirroring, configure the system upfront to be as big as you expect you’ll need for years to come, or use smaller RAID 5 sets of disk (e.g. create 2 raid 5 volumes with 3 disks each instead of 1 RAID 5 volume with 6 disks).
Not sure what you’re referring to as an easy backup option that zfs excludes, but maybe I’m just ignorant 🙂
I use Kopia to B2, then on a monthly basis I copy the current Kopia repo to an external drive that’s otherwise kept offline in my house.